Azag

blueeagle69 could you show me some proof that you got this to work (HFS using STunnel.) It would save me time in setting it up and finding out that it isn't working if I try again. :roll: A screen shot or link of a site running with this would be nice. Maybe you could write a little tutorial on how to do it successful, that is if you have tried this. Still though without some proof I have a hard time believing this would work no offense. Even if it could to me it seems hardly worth the trouble unless maybe you run an e-commerce type site or want more privacy or added security. I have tried experimenting with this in the past with HFS, STunnel, OpenSSL and made a working certificate (.pem file) and had no success even with STunnel tutorials I found. :?

Go to http://www.stunnel.org/pem/ and create a free SSL Certificate. Copy this to the STunnel main folder, This certificate should be called STunnel.pem.

Then edit the STunnel config, and find these lines. If they are not there, then simply create this section. If they are there, they may be remarked out by default, so remove the remarks. It should read exactly as below

[https]accept = 443connect = 80TIMEOUTclose = 0

Change the connect line to match your server port, and change the accept port to whatever port your URL connects to. It is best to leave it at the default though.Next, I recommend loading HFS first, then STunnel last.

Then either connect to your PC, by using your IP with :443 on the end, or do as I did, and create a DynDNS account.If you are not aware, you can create a normal Dynamic domain, and have this re-direct to another DynDNS webhop.

I would send you a screen grab, but my mate who normally connects to my server is on his hols. And I can't because I am behind a Router Firtewall. So all I get is my Router logon.

Anyway, here is my address. See if you can connect to it.It will be pasword protected, but at least you can see the server login, with a bit of luck.Hope this helps you. http://blueeagle.webhop.org

deisler

Hi, i've got mine working too. except i can't seem to login successfully. main page works and public folders work under https and it'll always auto direct to https, but if to login it'll go back to http! how do i direct this to https? sorry if i'm not clear on my question really don't know how to put it into words.

main page works and public folders work under https and it'll always auto direct to https, but if to login it'll go back to http

Same problem here! Didn't had the time to do some testing on stunnel in combination with HFS. Did already as Maverick suggested and more ... still the same result:https://10.0.0.150/~login either from browser command line or template either href="/~login" or href="https://10.0.0.150/~login" didn't work:The authorization dialog appears and you are kicked back to http://...But, then enter https://10.0.0.150/doesnotexist/ the error page appears, press "home" and you are. Or enter https://exist/ idem.Maybe a caching problem? Maverick, deisler which versions of stunnel and openssl dll's are you using.I tried & errored the last few days to create my own private key/certificate pem-file and used different compilations instead of the default one's, succesfully Thought that all problems were solved and just started to write a short manual. Oh, btw testing on intel, xp SP2, IE, no admin :roll:precompiled stunnel 4.15, openssl probably 0.9.7i (0.9.8a crashes stunnel 4.15 .exe)

1. HFS with stunnel works perfectly as long as the ~login command is not used. In order to enter a protected resource, the user:password dialog pops up and after entering the right credentials, (https) access is granted. This is the expected behaviour, nothing wrong!

2. Use of https://site/~login after entering the user:password replies with http://site without recognising the user. I guess this login command is implemented differently than the "normal" user:pass dialog.

3. If yes, and if it can't be fixed, it would not be a disaster, because working according to 1. would do the job perfectly.

4. But ... i tried to adapt my filesystem to 1. and found that after being looged in as user A for resource A a protected folder for B was not visible anymore. Unfortunately, the option in the menu "Visible only for anonymous users" wouldn't do the job. Shouldn't it has to be "visible for all user". Now i understand the many question of users asking for logout.If it was visible for all users you could just log in with the other account.

Don't know why you are having login problems. I'm not doing anything different now than I did with just HFS running and everything appears to be working just fine. I don't, however, and never did, use http://site/~login or https://site/~login for logging in. Just http://site with just HFS running and https://site with HFS and STunnel running.

I don't have any problems moving from folder to folder, uploading or downloading - https is always active as it should be.

Check your template. Maybe you have something in there calling a http://server-related-link which would likely cause a switch from https to http because they would both be valid addresses from your server. But in this situation you would probably have to login again to access the http IP address.

Here are a few examples confirming that HFS & STunnel work together in all major browsers.....